WO2017092487A1 - Mobile authentication method and device - Google Patents


Info

Publication number
WO2017092487A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
mobile
information
module
user terminal
Application number
PCT/CN2016/100054
Inventor
胡志宏
闵律
Original Assignee
胡志宏
闵律
Application filed by 胡志宏, 闵律

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

Provided is a mobile authentication method comprising: a user terminal sends an authentication request to a server; after receiving the authentication request, the server sends encrypted authentication information to the mobile authentication device of the user terminal; the mobile authentication device receives the encrypted authentication information and, once it is confirmed that the user terminal sent the authentication request, converts the encrypted authentication information to obtain identity authentication information; the mobile authentication device sends the identity authentication information to the server; and when the server confirms that the identity authentication information is correct, the user terminal passes authentication. The advantages of the invention are that the information bypasses the user terminal by connecting directly to the network front end, which blocks the access channel of the various viruses and trojans that may exist on the terminal and improves the security of the user's sensitive information; moreover, since the authentication device and the user terminal do not communicate directly, compatibility problems with new platforms that may appear in the future are also solved, fundamentally resolving the compatibility problem between platforms and authentication devices.

Description

Mobile authentication method and device
Technical field
The invention belongs to the fields of information security, mobile payment and mobile communication. It specifically relates to mobile authentication that supports Internet user authentication: it implements electronic signature and digital authentication on any networked platform or device, removes the dependence of current verification devices on the user terminal, and opens a dedicated channel for all kinds of sensitive information, improving their security.
Background art
With the development of the Internet, demand for online authentication has grown greatly. At the same time, the devices that need to be authenticated have evolved from traditional PCs to a more diverse range of mobile devices. Traditional authentication methods increasingly show problems of security and practicality. To adapt to this change, operators of major websites, including banks, games and e-commerce, have begun using security tokens, including first- and second-generation U-Shields (USB keys), to protect users' information. These authentication devices effectively improve the security of user information.
However, data encrypted by these security tokens is ultimately forwarded to the front end through the user terminal. When the user terminal is being monitored, a hacker cannot decipher the digital signature or the encrypted information but can still use the captured data to impersonate the user when accessing the front end. This affects the user's normal login and threatens the security of the user's account. In addition, when current general-purpose authentication devices sign and encrypt for a mobile terminal, they must use a physical or air interface that the mobile terminal supports. To sign for different mobile terminals, a security token therefore has to expose a variety of interfaces. The resulting variety of security tokens confuses users, and a token cannot be used on a device it is not compatible with. All of this limits the development of security tokens.
Summary of the invention
The object of the present invention is to address the shortcomings of existing security tokens with a more convenient, faster and more secure solution. Separating the authentication information from ordinary information ensures that sensitive information bypasses the monitoring a user may encounter during a normal login, which improves the security of the user's sensitive information. The solution is also free of platform restrictions: as long as a mobile network is available where the user is, the user can authenticate on any platform without any physical or air interface. This fundamentally solves the problem of using security tokens on different devices. It improves the security of user information and greatly increases the compatibility and ease of use of digital tokens.
The present invention provides a mobile authentication method: a user terminal sends an authentication request to a server; after receiving the authentication request, the server sends encrypted authentication information to the mobile authentication device of the user terminal; the mobile authentication device receives the encrypted authentication information and, once it is confirmed that the user terminal sent the authentication request, converts the encrypted authentication information to obtain identity authentication information; the mobile authentication device sends the identity authentication information to the server; the server confirms that the identity authentication information is correct, and the user terminal passes authentication.
Further, the mobile authentication method provided by the present invention may also have the following feature: the confirmation module of the mobile authentication device is used to confirm that the user terminal sent the authentication request.
Further, the mobile authentication method provided by the present invention may also have the following feature: the mobile authentication device displays the relevant information that needs to be confirmed.
In addition, the present invention provides a mobile authentication device comprising: a mobile communication module, which receives the encrypted authentication information from the server; a security control module, which uses international common algorithms and Chinese national cryptographic algorithms (国密) to convert the encrypted authentication request into identity authentication information; and an operation module with a confirmation module, which confirms that the user terminal sent the authentication request. The mobile communication module also sends the identity authentication information to the server.
Further, the mobile authentication device provided by the present invention may also have the following feature: it further comprises a display module for displaying authentication-related information.
Further, the mobile authentication device provided by the present invention may also have the following feature: it further comprises a battery that provides power and a power management module; the power management module is connected to the battery and supplies power to the whole mobile authentication device.
Further, the mobile authentication device provided by the present invention may also have the following feature: the operation module further comprises a power switch module.
Further, the mobile authentication device provided by the present invention may also have the following feature: identity authentication uses digital certificates of the international standard PKI system.
Further, the mobile authentication device provided by the present invention may also have the following feature: it is managed through the authentication device's PIN code.
Advantageous effects of the invention
The mobile authentication method and device provided by the present invention connect directly to the network front end, so that sensitive information bypasses the user terminal, and the channel through which viruses and trojans that may exist on the terminal could access the sensitive information is blocked. This improves the security of the user's sensitive information. Because the authentication device and the user terminal do not communicate directly, the authentication device no longer depends on the user terminal's platform: it works across existing platforms and also avoids compatibility problems with new platforms that may appear in the future, fundamentally solving the compatibility problem between platforms and authentication devices.
Description of the drawings
FIG. 1 is a structural diagram of the mobile authentication method of the present invention.
FIG. 2 is a flowchart of the mobile authentication method of the present invention.
FIG. 3 is a structural diagram of the mobile authentication device of the present invention.
FIG. 4 is a schematic diagram of the mobile authentication device of the present invention.
Detailed description
The present invention is further described below with reference to the drawings and specific embodiments.
As shown in FIG. 1 and FIG. 2, the mobile authentication method of this embodiment is carried out among three parties: the user terminal, the server and the mobile authentication device.
Step 1: The user terminal sends an authentication request to the server.
The user terminal sends the authentication request to the server over a network such as GPRS, 3G, 4G or IoT.
Step 2: After receiving the authentication request sent by the user terminal, the server sends encrypted authentication information to the mobile authentication device of that user terminal.
At a minimum, the encrypted authentication information contains the parameter of a one-time password generated by the server; the value of this parameter is randomly generated and serves as a token.
If the corresponding mobile authentication device has a display module, the encrypted authentication information may also include other information related to this authentication, such as the transaction amount and the payee.
Step 3: The mobile authentication device receives the encrypted authentication information and, once it is confirmed that the user terminal sent the authentication request, converts the encrypted authentication information to obtain the identity authentication information.
Step 3-1: The mobile authentication device, which corresponds one-to-one with the user terminal, has a mobile communication module that communicates with the front-end server over a network such as 2G, GPRS, EDGE, cdma1x, 3G or 4G. The mobile communication module of the mobile authentication device receives the authentication information sent by the server.
Step 3-2: The mobile communication module of the mobile authentication device transfers the information to be authenticated to the device's security control module and display module through a UART, I2C or SPI interface.
The display module can show the information related to this authentication in readable form, such as the transaction amount and payee information, so that the user can easily recognize it.
Step 3-3: The security control module waits for the user to confirm, through the confirmation module of the operation module, that this authentication was issued by the user terminal.
The confirmation module may be a button, a dialog box shown on a touch screen, or anything else that allows a confirmation operation. Once the confirmation button confirms that this authentication was issued by the user terminal, the security control module uses international common algorithms and Chinese national cryptographic algorithms (国密) to decrypt, convert, encrypt or digitally sign the transaction information, producing one-time identity authentication information.
The identity authentication information contains a one-time password converted from the one-time password parameter generated by the server.
Step 3-4: The security control module transfers the identity authentication information to the mobile communication module of the mobile authentication device through the interface mentioned above.
Step 4: The mobile authentication device sends the identity authentication information to the server; the server confirms that the identity authentication information is correct, and the user terminal passes authentication. After authentication succeeds, the server accepts operations from the user terminal or proceeds with follow-up actions such as enabling data transmission.
Throughout the authentication process, no data is transferred between the mobile authentication device and the user terminal; that is, the mobile authentication device and the user terminal are physically isolated, which completely eliminates any possibility of stealing the encrypted information during data transmission.
As shown in FIG. 3 and FIG. 4, the mobile authentication device used in this embodiment comprises a battery 1, a power management module 2, a security control module 3, a mobile communication module 4, a key module 5 and a display module 6.
The battery 1 is a 3.3 V lithium battery that supplies power to the whole system. The power management module 2 connects to the battery and supplies power to the security control module, the mobile communication module and the other parts of the system. The power management module can also be connected externally for charging.
The mobile communication module handles communication between this device and the network front end that raised the authentication request, over a 2G network (including GPRS, EDGE, cdma1x and so on; 3G, 4G and others may also be used). The mobile communication module is connected through a UART (or I2C or SPI) interface. Mobile communication is authenticated with digital certificates of the international standard PKI system.
The security control module encrypts or digitally signs transaction information using international common algorithms and Chinese national cryptographic algorithms (国密).
The security control module receives data from the mobile communication module and returns the encrypted or signed data to the network front end through the mobile communication module, encrypting the information to be sent with international common algorithms and Chinese national cryptographic algorithms. It can also generate an OTP (one-time password) according to the front end's requirements. Identity authentication uses digital certificates of the international standard PKI system, and both use of the authentication device and electronic signing are managed through the authentication device's PIN code.
The display module is an LED display that communicates with the security control module through an SPI (or I2C or 8080) interface to obtain authentication-related information. The displayed content is the authentication information from the network front end and the device status information from the local security control module.
The operation module in this embodiment comprises two keys: key 1 is the power key and key 2 is the confirmation button, providing the power switch and information confirmation functions of the mobile authentication device.
Of course, the operation module may have more buttons, such as a cancel button for cancelling the current operation, or other function keys.
In addition, the operation module need not use keys; it can be implemented in other ways, such as clicking a dialog box or voice confirmation, and is not limited to the manner proposed in the present invention. The device can store information for multiple websites and manage each independently.
Modification
The mobile authentication device may also have a judgment and selection module. The security control module 3 stores the conversion and encryption methods corresponding to multiple servers.
While security is ensured, the mobile authentication device can manage the authorization information of multiple websites separately within the same device. Depending on the request, the mobile authentication device can use different encryption methods to encrypt the authentication information from different websites separately. Because the front-end server cannot, and does not need to, access the information in the device during the whole process, information is not shared between websites. This improves user security and also protects the interests of the enterprises.
The judgment and selection unit of the mobile authentication device first determines the account to be authenticated, then selects the algorithm and parameters for that account in the security control module 3, and computes and completes the authentication. When the device is registered, the relevant account information and the algorithm and parameters to be used are recorded, and registration is completed by confirming with a key press.
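The exchange of steps 1 to 4, together with the per-account selection described in the modification, as an added Python example; it is not code from the patent. The patent does not name the conversion algorithm, so HMAC-SHA256 over the challenge, the per-account shared key, the 60-second validity window and every class, function and sample name here are assumptions, and the challenge is passed in the clear where the patent sends it encrypted.

```python
import hashlib
import hmac
import json
import secrets
import time

CHALLENGE_TTL = 60  # seconds; assumed validity window, not stated in the patent


def convert(key: bytes, challenge: dict) -> str:
    """Assumed 'conversion': HMAC-SHA256 over the canonical challenge."""
    msg = json.dumps(challenge, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, site):
        self.site = site
        self.keys = {}     # account -> key shared with that account's device
        self.pending = {}  # account -> (challenge, expiry time)

    def enroll(self, account):
        """Registration: create the per-account key stored on the device."""
        self.keys[account] = secrets.token_bytes(32)
        return self.keys[account]

    def start_auth(self, account, details, now=None):
        """Steps 1-2: on a terminal's request, build the one-time challenge.
        It is returned here so the demo can hand it to the device; in the
        scheme it travels over the mobile network, never via the terminal."""
        now = time.time() if now is None else now
        challenge = {"site": self.site, "account": account,
                     "nonce": secrets.token_hex(16), "details": details}
        self.pending[account] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def finish_auth(self, account, response, now=None):
        """Step 4: check the device's response; a challenge is single-use."""
        now = time.time() if now is None else now
        entry = self.pending.pop(account, None)
        key = self.keys.get(account)
        if entry is None or key is None or not isinstance(response, str):
            return False
        challenge, expiry = entry
        if now > expiry:
            return False
        return hmac.compare_digest(convert(key, challenge), response)


class AuthDevice:
    def __init__(self):
        self.records = {}  # (site, account) -> key, one record per website

    def register(self, site, account, key):
        self.records[(site, account)] = key

    def handle(self, challenge, confirm):
        """Step 3: select the account record, display the details, and
        compute the response only after the user confirms.
        `confirm` stands in for the confirmation button."""
        key = self.records.get((challenge["site"], challenge["account"]))
        if key is None:
            return None  # no record for this website/account
        shown = "{site} / {account}: {details}".format(**challenge)
        if not confirm(shown):
            return None  # user did not start this request
        return convert(key, challenge)


def demo():
    yes, no = (lambda shown: True), (lambda shown: False)
    bank = Server("bank.example")  # constructed sample site and account
    device = AuthDevice()
    device.register("bank.example", "alice", bank.enroll("alice"))
    pay = {"amount": "120.00", "payee": "ACME"}
    out = {}

    ch = bank.start_auth("alice", pay)
    resp = device.handle(ch, yes)
    out["confirmed"] = bank.finish_auth("alice", resp)
    out["replayed"] = bank.finish_auth("alice", resp)  # challenge already used

    ch = bank.start_auth("alice", pay)
    out["declined"] = device.handle(ch, no)  # request the user did not make

    ch = bank.start_auth("alice", pay)
    altered = dict(ch, details={"amount": "9999.00", "payee": "ACME"})
    out["altered"] = bank.finish_auth("alice", device.handle(altered, yes))

    ch = bank.start_auth("alice", pay, now=1000)
    out["expired"] = bank.finish_auth("alice", device.handle(ch, yes), now=1061)

    other = {"site": "shop.example", "account": "alice",
             "nonce": "00", "details": {}}
    out["unknown_site"] = device.handle(other, yes)
    return out
```

Because the displayed details are part of what the device converts, a response computed over details that differ from what the server issued does not verify.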
In summary, the mobile authentication method and device provided by the present invention separate the authentication information from ordinary information, which ensures that sensitive information bypasses the monitoring a user may encounter during a normal login and improves the security of the user's sensitive information. The solution is also free of platform restrictions: as long as a mobile network is available where the user is, the user can authenticate on any platform without any physical or air interface. This fundamentally solves the problem of using security tokens on different devices. It improves the security of user information and greatly increases the compatibility and ease of use of digital tokens.

Claims (10)

  1. A mobile authentication method, characterized in that:
    a user terminal sends an authentication request to a server;
    after receiving the authentication request, the server sends encrypted authentication information to the mobile authentication device of the user terminal;
    the mobile authentication device receives the encrypted authentication information and, once it is confirmed that the user terminal sent the authentication request, converts the encrypted authentication information to obtain identity authentication information;
    the mobile authentication device sends the identity authentication information to the server;
    the server confirms that the identity authentication information is correct, and the user terminal passes authentication.
  2. The mobile authentication method according to claim 1, characterized in that:
    the confirmation module of the mobile authentication device is used to confirm that the user terminal sent the authentication request.
  3. The mobile authentication method according to claim 1, characterized in that:
    the mobile authentication device displays the relevant information that needs to be confirmed.
  4. A mobile authentication device, characterized in that it comprises:
    a mobile communication module, which receives the encrypted authentication information from the server;
    a security control module, which uses international common algorithms and Chinese national cryptographic algorithms (国密) to convert the encrypted authentication request into identity authentication information;
    an operation module with a confirmation module, which confirms that the user terminal sent the authentication request;
    the mobile communication module also sends the identity authentication information to the server.
  5. The mobile authentication device according to claim 4, characterized in that:
    it further comprises a display module for displaying authentication-related information.
  6. The mobile authentication device according to claim 4, characterized in that:
    it further comprises a battery that provides power and a power management module;
    the power management module is connected to the battery and supplies power to the whole mobile authentication device;
    the power management module can also be charged from an external power source.
  7. The mobile authentication device according to claim 4, characterized in that:
    the operation module further comprises a power switch module; the operation module further comprises a selection module or a cancel module.
  8. The mobile authentication device according to claim 4, characterized in that:
    it further comprises a judgment and selection module, and the security control module stores the conversion and encryption methods corresponding to multiple accounts;
    after the mobile authentication device receives the encrypted authentication information, the judgment and selection unit determines the account to be authenticated and selects the corresponding account algorithm and parameters in the security control module.
  9. The mobile authentication device according to claim 4, characterized in that identity authentication uses digital certificates of the international standard PKI system.
  10. The mobile authentication device according to claim 4, characterized in that it is managed through the authentication device's PIN code.
PCT/CN2016/100054 2015-12-01 2016-09-26 Mobile authentication method and device WO2017092487A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510869147.9 2015-12-01
CN201510869147.9A CN105528541A (en) 2015-12-01 2015-12-01 Mobile authentication method and apparatus

Publications (1)

Publication Number Publication Date
WO2017092487A1 true WO2017092487A1 (en) 2017-06-08

Family

ID=55770761

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/100054 WO2017092487A1 (en) 2015-12-01 2016-09-26 Mobile authentication method and device

Country Status (2)

Country Link
CN (1) CN105528541A (en)
WO (1) WO2017092487A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105528541A (en) * 2015-12-01 2016-04-27 胡志宏 Mobile authentication method and apparatus

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997824A (en) * 2009-08-20 2011-03-30 中国移动通信集团公司 Identity authentication method based on mobile terminal as well as device and system thereof
CN102546168A (en) * 2011-11-30 2012-07-04 北京祥云天地科技有限公司 Communication device for identity authentication
CN105528541A (en) * 2015-12-01 2016-04-27 胡志宏 Mobile authentication method and apparatus

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101394276A (en) * 2007-09-21 2009-03-25 上海盛大网络发展有限公司 Authentication system and method based on USB hardware token
CN102201137A (en) * 2011-05-04 2011-09-28 北京趋势恒信科技有限公司 Network security terminal, and interaction system and method based on terminal

Also Published As

Publication number Publication date
CN105528541A (en) 2016-04-27

Similar Documents

Publication Publication Date Title
JP6703151B2 (en) Authentication device with bluetooth interface
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
US10554420B2 (en) Wireless connections to a wireless access point
CN111049660B (en) Certificate distribution method, system, device and equipment, and storage medium
CN111416807B (en) Data acquisition method, device and storage medium
US9191394B2 (en) Protecting user credentials from a computing device
CN104639534B (en) The loading method and browser device of web portal security information
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
JP6399382B2 (en) Authentication system
US8769289B1 (en) Authentication of a user accessing a protected resource using multi-channel protocol
US20140189811A1 (en) Security enclave device to extend a virtual secure processing environment to a client device
US9935953B1 (en) Secure authenticating an user of a device during a session with a connected server
CN109150535A (en) A kind of identity identifying method, equipment, computer readable storage medium and device
CN110334503A (en) The method for unlocking another equipment using an equipment
US10133861B2 (en) Method for controlling access to a production system of a computer system not connected to an information system of said computer system
CN106713279A (en) Video terminal identity authentication system
US20180357638A1 (en) Identity information authentication method, user terminal, service terminal, authentication server, and service system
US20110162053A1 (en) Service assisted secret provisioning
WO2014141263A1 (en) Asymmetric otp authentication system
CN103490893A (en) Information leakage testing control method, device and system and information channel safety certification device
US20190253402A1 (en) User sign-in and authentication without passwords
CN103916363A (en) Communication security management method and system for encryption machine
CN110401613A (en) A kind of authentication management method and relevant device
CN113411187A (en) Identity authentication method and system, storage medium and processor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16869798

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16869798

Country of ref document: EP

Kind code of ref document: A1